Posts

$8.2 million stolen from Nexus Mutual CEO via rogue Metamask extension

avatar of @friendlymoose
25
@friendlymoose
·
·
0 views
·
2 min read

(image source)

Yesterday Nexus Mutual announced on their official Twitter page that the personal address of their CEO Hugh Karp was attacked and drained. The attackers managed to steal 8,2 million dollar in NXM tokens from his wallet. There is no sign other wallets were targeted in this attack.

I found this news rather shocking. How can a CEO of a company that is involved in the crypto business and has access to a wallet with these amounts of crypto be so inattentive?

Screenshot of the transaction from etherscan.io https://etherscan.io/tx/0x4ddcc21c6de13b3cf472c8d4cdafd80593e0fc286c67ea144a76dbeddb7f3629

According to the company’s tweets the attacker seems to be a Nexus Mutual member that somehow gained remote access to Karp’s computer and modified his MetaMask wallet extension. The company also claims their pool of funds and all systems are safe.

Hugh Karp himself compliments the attacker and offers him a $ 300k bounty if he returns the loot.

Metamask

MetaMask is one of the most famous wallet apps. The downside of this is that popular wallets are also popular targets for cybercriminals.
There has seen an alarming number of phishing attacks aimed at Metamask wallet owners.
Cybercriminals even buy Google ads to trick people into downloading rogue wallet apps.

Many people on Twitter complain having lost money on this scam and the number of victims is quickly growing.

Tips

Always be careful when you download wallets to store your possessions. Check, double check and triple check whether you have the right one! Consider a hardware wallet when you have large amounts of crypto. Never, really never fill in your 12/24 word passphrase when asked! Another advice is to use a dedicated machine that you use for crypto. This could be a virtual machine running on your computer.
Don’t use this machine for your daily stuff such as browsing, emails, social media etcetera to reduce the chance of also becoming a victim.

Be careful out there!

[EDIT] After finishing this blog I saw a blog of @onealfa who is using Tails (an operating system (OS), created and optimized for user's privacy and anonymity) for his crypto business. Check his blog here:

Posted Using LeoFinance Beta